Questions tagged with Amazon CloudFront
Hi: wondering if AWS technical support could look into this to determine why the request is coming back FORBIDDEN ... two requestIds below to compare ...
**Request Header (identical for both requests)**
OPTIONS https://api.flybreeze.com/production/nav/api/nsk/v1/token HTTP/1.1
Host: api.flybreeze.com
Connection: keep-alive
Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Origin: https://www.flybreeze.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.0.0 Safari/537.36 Edg/111.0.1661.51
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
Sec-Fetch-Dest: empty
Referer: https://www.flybreeze.com/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
**FORBIDDEN Response Header**
HTTP/1.1 403 Forbidden
Content-Type: application/json
Content-Length: 23
Connection: keep-alive
Date: Thu, 30 Mar 2023 18:51:50 GMT
**x-amzn-RequestId: 7bb21b87-6ecd-4dc1-8e07-bef8e7172d71**
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: Content-Type,X-Amz-Date,Authorization,X-Api-Key,X-Amz-Security-Token,Platform
**x-amzn-ErrorType: ForbiddenException**
x-amz-apigw-id: Cm8LHG-koAMFlBA=
Access-Control-Allow-Methods: OPTIONS,POST
**X-Cache: Error from cloudfront**
Via: 1.1 9a63a58e298bfb2c58157beda1f6de12.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: DEN52-P1
X-Amz-Cf-Id: Wixm-reIOJukfeov0CcZmEfAy7e1ASejSVj6kmCbqe-BRZyqnUNoYQ==
Response Message
{"message":"Forbidden"}
**Below is a successful Response Header. Only difference is the ISP. The forbidden call was using fiber.net (host-145.arcadia-srv-216-83-134.fiber.net). The successful call was from the same web browser on the same machine, but tethered to T-Mobile hotspot.**
**Why would AWS block one request but not the other based on the ISP?**
**SUCCESSFUL Response Header**
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 0
Connection: keep-alive
Date: Thu, 30 Mar 2023 16:54:08 GMT
**x-amzn-RequestId: e1e7b624-dc5b-43d1-bfcd-434ee36bd580**
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: Content-Type,X-Amz-Date,Authorization,X-Api-Key,X-Amz-Security-Token
x-amz-apigw-id: Cmq7qH32IAMFodw=
Access-Control-Allow-Methods: DELETE,GET,HEAD,OPTIONS,PATCH,POST,PUT
**X-Cache: Miss from cloudfront**
Via: 1.1 0c32860274691581031a51698ea82be8.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: LAX53-P4
X-Amz-Cf-Id: UlBl6kMeG-q_hD9J_9u9tqeWJOywEwNrtYcPSuQSQKJs3RiuRXApPA==
Response Message:
{null}
## 404 Can't access ALB and EC2 via CloudFront
I'm creating a multi-behavior CloudFront configuration, one for an S3 bucket website and the other for an EC2 application connected via an ALB. I can access the ALB using its DNS and the S3 bucket via CloudFront, but I can't access the ALB and EC2 application through CloudFront. I've carefully checked the security group ports, access permissions, and HTTP methods. I've disabled caching for both behaviors.
Please suggest possible causes.
The response is like this:
**404 Not Found**
- Code: NoSuchKey
- Message: The specified key does not exist.
- Key: efforsition
-----------------
My CloudFront origin settings and behaviors are as follows:

alb origin

Hello,
For a while, I was simply storing the contents of my website in an S3 bucket and could access all pages via the full URL just fine. I wanted to make my website more secure by adding an SSL so I created a CloudFront Distribution to point to my S3 bucket.
The site will load just fine, but if the user tries to refresh the page, they will receive an AccessDenied page.
I have a policy on my s3 bucket that restricts access to only the Origin Access Identity and index.html is set as my domain root object.
I am not understanding what I am missing.
Any help is much appreciated.
Hello,
After filling a website form and sending it, it triggers sendmail.json 500 error and in the headers we have:
General
Response URL: https://xxxxxxxxxxx/sendmail.json
Request method: Post
Status code: 500
etc
Response headers
age: 498
server: amazonS3
x-cache error from cloudfront
What could be the issue and how do I fix it please?
Many thanks in advance
I have a static website using cloudfront and S3, how do I clear the cache?
I am using the BuddyBoss app. There is an option to enable API CDN. The CloudFront URL I was provided is not being accepted.
What am I missing? Is there a different CDN URL I need to use?
I want to create a live stream service using AWS, and I refer to [this](https://docs.aws.amazon.com/solutions/latest/live-streaming-on-aws/cost.html). But the cost of network output is too high. I want to know how to save costs. Any good ideas?
A while back I thought I would give CloudFront a try using the Free Tier.
I created a distribution, uploaded a simple static hobbyist website, set up the GitHub repo, the DNS records and certificates and everything worked beautifully.
Now a few weeks later, I log into the AWS Console again to play around some more and everything is gone.
The console is not showing any distributions.
The website is still working fine, http headers and the certificate indicate it is being loaded from CloudFront and S3.
Any idea what could be going on?
Thanks in advance.
Hello,
I'm not a web developer. I created my AWS EB WebApp as Classic Load balancer. I'm now setting up Cloudfront distribution for CDN with a custom domain that I bought from AWS Route 53. My cloudfront is working, but it's not responding for POST request. When I read about it online, I think my aws eb webapp should be migrated to Application Load Balancer. Could you help please? - Haile
Hello All,
I've been trying to set up a Multi-region access point for S3.
The basic problem is that I have users in Asia that I'm trying to get better performance for.
The simple part. I've created two buckets, I've put an html file in each of them with a simple name of us-east-1 and ap-south-1.
Initially those were private access only but for the purpose of getting anything working they are now public.
They are set up in an mrap which for now is not replicating.
I set up a CloudFront distribution and pointed it at the mrap but only ever get errors.
https://corridor-ap-south-1.s3.ap-south-1.amazonaws.com/test/region-test/region.html - ap-south-1 html
https://corridor-cdn.s3.amazonaws.com/test/region-test/region.html - us-east-1 html
mrap alias: mbzcc59bo9dy4.mrap
mrap access point? https://mbzcc59bo9dy4.mrap.accesspoint.s3-global.amazonaws.com/test/region-test/region.html
The errors are: The authorization mechanism you have provided is not supported. Please use Signature Version 4.
I hope I'm wrong, but is there a ridiculously stupid world where I have to put a signature on my object request?
This seems like it would be a complete waste of money to set up a lambda to do this for all my object requests.
Dear Support and Community,
I use the following code to get a cloudfront distributed audiostream on my website.
Without cookie authorization everything works fine. When I use the code on my wordpress website the cookies get set as expected but cloudfront still rejects access with a 403 error. Do you see any mistakes I could have made?
BR Iggy
```
<?php
/**
 * Plugin Name: CloudFront Auth Plugin 0.5
 * Description: A plugin for implementing CloudFront cookie authentication.
 * Version: 0.5
 * Author: us
 * License: GPL2
 */
function createSignedCookie($streamHostUrl, $resourceKey, $timeout){
    error_log('function createSignedCookie gestartet');
    $keyPairId = "APKA5**********HZVB"; // Key Pair
    $expires = time() + $timeout; // Expire Time
    $url = $streamHostUrl . '/' . $resourceKey; // Service URL -> The path for that the cookies shall be valid
    $ip=$_SERVER["REMOTE_ADDR"] . "\/24"; // IP
    $json = '{"Statement":[{"Resource":"'.$url.'","Condition":{"DateLessThan":{"AWS:EpochTime":'.$expires.'}}}]}';
    $private_key_path = __DIR__ . '/private_key.pem';
    $fp = fopen($private_key_path, 'r');
    if (!$fp) {
        return;
    }
    $priv_key=fread($fp, 8192);
    fclose($fp);
    $key = openssl_get_privatekey($priv_key);
    if(!$key){
        return;
    }
    if(!openssl_sign($json, $signed_policy, $key, OPENSSL_ALGO_SHA1)){
        error_log('Failed to sign policy: ' . openssl_error_string());
        return;
    }
    $base64_signed_policy = base64_encode($signed_policy);
    $policy = strtr(base64_encode($json), '+=/', '-_~'); //Canned Policy
    $signature = str_replace(array('+','=','/'), array('-','_','~'), $base64_signed_policy);
    $signedCookie = array(
        "CloudFront-Key-Pair-Id" => $keyPairId,
        "CloudFront-Policy" => $policy,
        "CloudFront-Signature" => $signature
    );
    return $signedCookie;
}
function TriggerSignedCookies(){
    $signedCookieCustomPolicy = createSignedCookie('cookietest.ourwebsite.com', 'music.mp3', 300);
    foreach ($signedCookieCustomPolicy as $name => $value) {
        setcookie($name, $value, 0, "/", "ourwebsite.com", true, true);
    }
}
function SetCloudFrontCookies() {
    global $post;
    if (is_a($post, 'WP_Post') && has_shortcode($post->post_content, 'SetCookies')) {
        TriggerSignedCookies();
    }
}
function ShortcodeHandler() {
    // Returns an empty string to prevent "1" from being displayed on the website.
    return '';
}
function ShortcodeInit() {
    add_shortcode('SetCookies', 'ShortcodeHandler');
}
add_action('init', 'ShortcodeInit', 0);
add_action('send_headers', 'SetCloudFrontCookies', 0);
?>
```
Hi,
S3 has static website hosting enabled and is configured through CloudFront using OAI.
When S3 is publicly accessible, the CloudFront URL is working; once S3 public access is disabled, even the website cannot be accessed via the CloudFront URL and I am getting Access Denied.